Le Friday 20 March 2009 14:18:22 Mike Hommey, vous avez écrit :
> > This idea of a public reviewing page for NEWly uploaded packages really
> > looked appealing to me.
>
> On the other hand, when you look at projets such as Mozilla or Webkit,
> there are people already doing that upstream, or ensuring things are done
> properly at commit time. Why should we duplicate that effort, especially
> considering how much work it represents for teams that are already
> undermanned.
I don't mean duplicate work.
To me, the essence of copyright reviewing remains in the level of trust that
you put in the guys that did the job. If you think your upstream is doing
this seriously, then it could be fine.
But, more generaly, when dealing with trust, the only suitable way to pretend
that you are seriously adressing an issue is to have a process which is
openly reviewable. You do not pretend that each interested collaborator is
going review it any time, but you publicaly challenge anyone to check your
work.
At least that is how I understand "we will not hide our issues".
Why shouldn't this work also for copyright reviewing in debian packages ? If
you think of it, when people commit a patch to a project, it is acked by some
guys and then considered as reviewed. That is also how it works in my work
(research) when we publish papers.
Why couldn't it exists a public page for reviewing copyright, for which
interested developpers could send a signed ACK claiming they have reviewed
the copyright file and that it is ok for them (or not...), including the
ftpmasters themselves.
This could of course be mitigated by some degree of trust, like considering
that ftpmasters are more reliable in checking details for a particular
uncommon license.
But for the vast majority of packages, this would be sufficent to decide on
the acceptation or not of a NEW package.
Romain